Athreya aka Maneshwar

Setting Up a Firewall with Ansible and UFW

Hello, I'm Maneshwar. I'm building git-lrc, an AI code reviewer that runs on every commit. It is free, unlimited, and source-available on Github. Star Us to help devs discover the project. Do give it a try and share your feedback for improving the product.

Hello, I'm Maneshwar. I'm working on FreeDevTools, currently building **one place for all dev tools, cheat codes, and TLDRs** — a free, open-source hub where developers can quickly find and use tools without any hassle of searching all over the internet.

Managing firewall rules manually on each server is boring and error-prone. Instead, automate it once with Ansible and let it run every time you provision a box.

This post shows how to configure UFW using Ansible in a way that is repeatable, version-controlled, and easy to extend.

Prerequisites

  • Ansible installed on your control machine
  • Target servers accessible via SSH
  • Python installed on the target (Ansible needs it)
  • The community.general collection installed:
    ansible-galaxy collection install community.general

Inventory: hosts.ini

[web]
webserver1 ansible_host=192.168.1.10
webserver2 ansible_host=192.168.1.11

Directory Structure

firewall-setup/
├── hosts.ini
├── playbook.yml
└── roles/
    └── ufw/
        ├── tasks/
        │   └── main.yml

Role Task File: roles/ufw/tasks/main.yml

# tasks file for setting up firewall

- name: Install ufw
  ansible.builtin.apt:
    name: ufw
    state: present
    update_cache: yes
  become: true

- name: UFW - Allow SSH connections
  community.general.ufw:
    rule: allow
    name: OpenSSH
  become: true

- name: UFW - Allow HTTP connections
  community.general.ufw:
    rule: allow
    port: "80"
    proto: tcp
  become: true

- name: UFW - Allow HTTPS connections
  community.general.ufw:
    rule: allow
    port: "443"
    proto: tcp
  become: true

- name: UFW - Enable and deny by default
  community.general.ufw:
    state: enabled
    default: deny
  become: true

- name: UFW - Reload firewall
  ansible.builtin.command: ufw reload
  become: true

Playbook: playbook.yml

- name: Setup firewall using UFW
  hosts: web
  become: true
  roles:
    - ufw

Run the Playbook

ansible-playbook -i hosts.ini playbook.yml

What This Does

  1. Installs ufw on the target machine (in case it's not there).
  2. Allows only SSH, HTTP, and HTTPS.
  3. Enables the firewall and sets the default policy to deny. The SSH rule is added in the step before this one, so enabling the default-deny policy does not cut off the SSH session Ansible is using.
  4. Reloads the firewall to apply the rules.

Add More Rules?

Want to open port 5432 for PostgreSQL or some other service? Just add a task like:

- name: UFW - Allow PostgreSQL
  community.general.ufw:
    rule: allow
    port: "5432"
    proto: tcp
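Once the list of services grows, keeping one hand-written task per port stops scaling. The following playbook is an added example (not code from the original post) that generalizes the role above: the rules live in a variable list and are applied with a loop, SSH is rate-limited with `rule: limit` and restricted to a management network, PostgreSQL is only reachable from an application subnet, and the allow rules are still applied before the firewall is enabled so the play cannot lock you out. The variable names `ufw_rules` and `ufw_admin_cidr` and the `10.0.0.0/24` and `10.0.1.0/24` networks are assumptions made up for this example.

```yaml
# Added example (not the post's own code): a data-driven variant of the UFW role.
# Assumptions: ufw_rules / ufw_admin_cidr are invented variable names, and the
# 10.0.0.0/24 and 10.0.1.0/24 networks are constructed; replace them with yours.
- name: Setup firewall using UFW (data-driven variant)
  hosts: web
  become: true
  vars:
    ufw_admin_cidr: "10.0.0.0/24"   # constructed: the network Ansible/admins connect from
    ufw_rules:
      # "limit" rate-limits SSH: ufw blocks a source after 6 attempts within 30 seconds
      - { port: "22",   rule: limit, src: "{{ ufw_admin_cidr }}", comment: "ssh from admin net" }
      - { port: "80",   comment: "http" }
      - { port: "443",  comment: "https" }
      - { port: "5432", src: "10.0.1.0/24", comment: "postgres from app tier only" }
  tasks:
    - name: Install ufw
      ansible.builtin.apt:
        name: ufw
        state: present
        update_cache: true

    # Allow rules go in BEFORE the firewall is enabled, so the SSH session
    # running this play is never cut off by the default-deny policy below.
    - name: UFW - Apply rules from ufw_rules
      community.general.ufw:
        rule: "{{ item.rule | default('allow') }}"
        port: "{{ item.port }}"
        proto: "{{ item.proto | default('tcp') }}"
        src: "{{ item.src | default(omit) }}"      # omitted -> allowed from anywhere
        comment: "{{ item.comment | default(omit) }}"
      loop: "{{ ufw_rules }}"
      loop_control:
        label: "{{ item.comment | default(item.port) }}"

    # Deny inbound, allow outbound, log blocked packets, then turn the firewall on.
    - name: UFW - Default policies, logging, and enable
      community.general.ufw:
        state: enabled
        direction: "{{ item.direction }}"
        default: "{{ item.policy }}"
        logging: low
      loop:
        - { direction: incoming, policy: deny }
        - { direction: outgoing, policy: allow }
```

Because the ufw module applies each rule immediately, the separate `ufw reload` task from the role above is not needed here; before running it, confirm that `ufw_admin_cidr` really covers the address your control machine connects from.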


git-lrc

*AI agents write code fast. They also silently remove logic, change behavior, and introduce bugs -- without telling you. You often find out in production.*

*git-lrc fixes this. It hooks into git commit and reviews every diff before it lands. 60-second setup. Completely free.*

Any feedback or contributors are welcome! It's online, source-available, and ready for anyone to use.
